Save the Nigerian astronaut (Facts about Phishing Part 1)

Sven Krumrey

Have you heard of Major Abacha Tunde? This brave Nigerian man has been living on a secret Russian space station since 1990 and can only see his beloved home from orbit. Unfortunately, he cannot come home because his country doesn't have the foreign exchange to bring him back. Tragic, isn't it? But you can help him and strike it rich in the process! This good man naturally cannot spend his luxurious salary (no duty-free shops in space) and Amazon only delivers world-wide. For only a few thousand Euros you can help Major Abacha Tunde get back to earth - and collect a giant yield. Don't believe me? Good for you! This is just one bizarre example of a phishing mail meant to cheat you out of your money. Read on to learn what phishing is all about!

An unknown hero: Major Abacha Tunde

Scammers operating worldwide use phishing mails to extract important (bank account) data or money from you. Both their methods and their professionalism vary widely. Sometimes they will pretend to act on behalf of your bank; other times it's about package delivery, flowers or highly lucrative investments. The classic approach is to use fake sites or forms to trick you into filling in your bank information or to get you to make a transfer. For that, official mails and websites are copied down to the last detail. Malware will also be used to direct you to fraudulent sites or log your keystrokes (including online banking). By the time you receive a suspicious error after making a transfer, it's already too late.

Kindly provide your bank account data for a transfer...

A typical phishing attempt involves using a fake copy of your bank's website to extract your login credentials, PIN and TANs. Things get particularly dangerous when you're dealing with professionals who have most of your personal information already filled in and provide links to authentic-looking "bank websites". Usually, you'll be notified that due to technical issues (restructuring, authentication problems etc.) you need to input or confirm your data. My advice in these cases - keep cool and start thinking. Has your bank ever contacted you in this way before? My guess is no. Banks tend to send letters. Get in contact with your bank before you click a suspicious link or input any data. Your bank will be familiar with these inquiries and quickly check their validity.

Scammers make millions with phishing attacks
A letter from a lawyer

Things get even more perfidious when criminals try to put psychological pressure on you. Alleged lawyers will line up dozens of paragraphs to scare regular Joes, using terms such as "final notice" in their mails to make you feel guilty and coerce you into acting rashly. To keep you from seeking professional help, they will frequently allude to pornography or other sensitive matters and ask you for manageable amounts. Basically, criminals are counting on your willingness to pay a two- or three-figure sum to be left alone. If enough people pay, they'll still make a handsome profit.

When greed makes you stupid

The Nigerian Connection has gained some notoriety over the past few years. Known as advance fee frauds, their schemes involved advance payments with the prospect of making a huge profit in return. Victims were told that the sender needed their help to access large funds and that for a fee, they would be entitled to a princely sum of money, often millions of dollars. Not only did the scammers use authentic-looking mails but they also created "official" websites for banks, dignitaries and the government to deceive their readers. I'd call that well-organized crime. Recipients were usually asked to pay fees or bribe money. Inheritance frauds, alleged lottery wins or trustee services are similar ploys that have already caused millions of Euros worth of damage. It all may seem laughable to those not affected - but it was done so well that it worked. It was mainly a game of greed that also made recipients feel superior, like they had been singled out from the masses. Great efforts were made, and inquiries were answered competently and professionally. Everything seemed so believable that one American lady opted to pay a second time even after having been notified by the police that she had fallen victim to a fraud. She apparently believed it to be merely a misunderstanding on the part of her African friends.

Love to your bank account
From afar with love

Another scheme that helped cheat countless victims out of large amounts of money operates on an emotional level. Whether it's simply lust or the love of your life - in the end it's all about money, again. This scheme targets users of online dating services but emails are also sent out randomly. Potential partners from abroad put their passionate love on (electronic) paper, how thoughtful. Even video chats or phone calls are possible. All it takes for the long-awaited meeting (that will never happen, of course) to take place is a bank transfer to pay for a hospital stay, a debt, passport formalities or the like. And close relatives, police officers or friends will be happy to testify to the credibility of the lover in distress. The stronger the emotional bond and the more dire the situation, the quicker victims will open their wallets. Common sense to the rescue: How quickly do these often highly attractive men and women really fall in love? How do they react once you rule out any payments? How likely are the reported circumstances? It's often hard to keep a level head!

These were just a few examples and some background information on the topic of phishing. Next week, you will learn how to spot phishing mails and how to act when you do.
